@fedify/fedify 2.2.0-dev.898 → 2.2.0-dev.924

package/dist/{middleware-MrcBc-JA.mjs → middleware-aawr753E.mjs}

@@ -2,23 +2,24 @@ import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { n as RouterError } from "./router-CrMLXoOr.mjs";
-import { n as version, t as name } from "./deno-DJv-tEfT.mjs";
+import { n as version, t as name } from "./deno-BukNyK1t.mjs";
 import { t as formatAcceptSignature } from "./accept-Dd__NiUL.mjs";
-import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-BdVfyalZ.mjs";
-import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-ETgJ0kEf.mjs";
-import { t as getAuthenticatedDocumentLoader } from "./docloader-iGAzD_2N.mjs";
+import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-DAfSmMg7.mjs";
+import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-DSghOjS0.mjs";
+import { t as getAuthenticatedDocumentLoader } from "./docloader-BgBM76TI.mjs";
 import { n as kvCache } from "./kv-cache-B01V7s3h.mjs";
-import { a as signJsonLd, i as hasSignatureLike, o as verifyJsonLd, r as detachSignature } from "./ld-BIwbyijT.mjs";
-import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-ELkycVNn.mjs";
-import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-CdHJBGaI.mjs";
-import { t as getNodeInfo } from "./client-DEpOVgY1.mjs";
-import { t as nodeInfoToJson } from "./types-DCP0WLdt.mjs";
-import { t as FederationBuilderImpl } from "./builder-BxNYaOv9.mjs";
-import { t as buildCollectionSynchronizationHeader } from "./collection-BD6-SZ6O.mjs";
-import { t as KvKeyCache } from "./keycache-CCSwkQcY.mjs";
-import { t as acceptsJsonLd } from "./negotiation-DnsfFF8I.mjs";
-import { t as createExponentialBackoffPolicy } from "./retry-B_E3V_Dx.mjs";
-import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-Bsg41P7e.mjs";
+import { a as signJsonLd, i as hasSignatureLike, o as verifyJsonLd, r as detachSignature } from "./ld-DYpo7uUC.mjs";
+import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-B0_w8O-Y.mjs";
+import { t as normalizePublicAudience } from "./public-audience-eovWqzOF.mjs";
+import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-DDZ2W7TX.mjs";
+import { t as getNodeInfo } from "./client-DVu6Fmom.mjs";
+import { t as nodeInfoToJson } from "./types-CGUnLkU3.mjs";
+import { t as FederationBuilderImpl } from "./builder-FoLsluZw.mjs";
+import { t as buildCollectionSynchronizationHeader } from "./collection-BQRKGS7L.mjs";
+import { t as KvKeyCache } from "./keycache-C2t1kvP5.mjs";
+import { t as acceptsJsonLd } from "./negotiation-xb0QR3u_.mjs";
+import { t as createExponentialBackoffPolicy } from "./retry-CJL0poaU.mjs";
+import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-DMLb0UwP.mjs";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, Tombstone, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { lookupWebFinger } from "@fedify/webfinger";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -2261,6 +2262,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 			format: "compact",
 			contextLoader
 		});
+		jsonLd = await normalizePublicAudience(jsonLd, contextLoader);
 		if (rsaKey == null) logger.warn("No supported key found to create a Linked Data signature for the activity {activityId}.  The activity will be sent without a Linked Data signature.  In order to create a Linked Data signature, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
 			activityId,
 			keys: keys.map((pair) => ({

package/dist/{middleware-PwlQ2vwv.js → middleware-olp7n2S4.js}

@@ -2,10 +2,10 @@ import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 import { t as __exportAll } from "./chunk-nlSIicah.js";
 import { r as getDefaultActivityTransformers } from "./transformers-ve6e2xcg.js";
-import { _ as version, a as verifyRequestDetailed, d as validateCryptoKey, f as formatAcceptSignature, g as name, i as verifyRequest, n as parseRfc9421SignatureInput, o as exportJwk, t as doubleKnock, u as importJwk } from "./http-IT-3f4WJ.js";
-import { d as hasSignatureLike, f as signJsonLd, i as verifyObject, n as hasProofLike, o as doesActorOwnKey, p as verifyJsonLd, r as signObject, s as getKeyOwner, u as detachSignature } from "./proof-CngGDTG-.js";
+import { _ as version, a as verifyRequestDetailed, d as validateCryptoKey, f as formatAcceptSignature, g as name, i as verifyRequest, n as parseRfc9421SignatureInput, o as exportJwk, t as doubleKnock, u as importJwk } from "./http-DiNUVHGB.js";
+import { c as getKeyOwner, d as detachSignature, f as hasSignatureLike, i as verifyObject, m as verifyJsonLd, n as hasProofLike, o as normalizePublicAudience, p as signJsonLd, r as signObject, s as doesActorOwnKey } from "./proof-DdnQ5edt.js";
 import { n as getNodeInfo, t as nodeInfoToJson } from "./types-hvL8ElAs.js";
-import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-NdVl1dI9.js";
+import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-Dq9VS_Jn.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, Tombstone, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -3291,6 +3291,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 			format: "compact",
 			contextLoader
 		});
+		jsonLd = await normalizePublicAudience(jsonLd, contextLoader);
 		if (rsaKey == null) logger.warn("No supported key found to create a Linked Data signature for the activity {activityId}.  The activity will be sent without a Linked Data signature.  In order to create a Linked Data signature, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
 			activityId,
 			keys: keys.map((pair) => ({

package/dist/{middleware-BdLMFU46.cjs → middleware-rZ0jYYM9.cjs}

@@ -1,4 +1,4 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
-const require_middleware = require("./middleware-AcyKcnPJ.cjs");
+const require_middleware = require("./middleware-Dt0fC6dK.cjs");
 exports.FederationImpl = require_middleware.FederationImpl;

package/dist/mod.cjs

@@ -4,11 +4,11 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 require("./chunk-DDcVe30Y.cjs");
 const require_transformers = require("./transformers-NeAONrAq.cjs");
 require("./compat/mod.cjs");
-const require_http = require("./http-COBccATS.cjs");
-const require_middleware = require("./middleware-AcyKcnPJ.cjs");
-const require_proof = require("./proof-D3NCoYW3.cjs");
+const require_http = require("./http-1uLerNXX.cjs");
+const require_middleware = require("./middleware-Dt0fC6dK.cjs");
+const require_proof = require("./proof-DgRfG4AE.cjs");
 const require_types = require("./types-KC4QAoxe.cjs");
-const require_kv_cache = require("./kv-cache-DoM8wkoM.cjs");
+const require_kv_cache = require("./kv-cache-ia7oECIG.cjs");
 const require_federation_mod = require("./federation/mod.cjs");
 require("./nodeinfo/mod.cjs");
 require("./runtime/mod.cjs");

package/dist/mod.js

@@ -3,11 +3,11 @@ import "urlpattern-polyfill";
 import "./chunk-nlSIicah.js";
 import { n as autoIdAssigner, r as getDefaultActivityTransformers, t as actorDehydrator } from "./transformers-ve6e2xcg.js";
 import "./compat/mod.js";
-import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "./http-IT-3f4WJ.js";
-import { a as createExponentialBackoffPolicy, c as buildCollectionSynchronizationHeader, d as Router, f as RouterError, i as SendActivityError, l as digest, o as respondWithObject, r as handleWebFinger, s as respondWithObjectIfAcceptable, t as createFederation, u as createFederationBuilder } from "./middleware-PwlQ2vwv.js";
-import { a as verifyProof, c as attachSignature, d as hasSignatureLike, f as signJsonLd, i as verifyObject, l as createSignature, m as verifySignature, n as hasProofLike, o as doesActorOwnKey, p as verifyJsonLd, r as signObject, s as getKeyOwner, t as createProof, u as detachSignature } from "./proof-CngGDTG-.js";
+import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "./http-DiNUVHGB.js";
+import { a as createExponentialBackoffPolicy, c as buildCollectionSynchronizationHeader, d as Router, f as RouterError, i as SendActivityError, l as digest, o as respondWithObject, r as handleWebFinger, s as respondWithObjectIfAcceptable, t as createFederation, u as createFederationBuilder } from "./middleware-olp7n2S4.js";
+import { a as verifyProof, c as getKeyOwner, d as detachSignature, f as hasSignatureLike, h as verifySignature, i as verifyObject, l as attachSignature, m as verifyJsonLd, n as hasProofLike, p as signJsonLd, r as signObject, s as doesActorOwnKey, t as createProof, u as createSignature } from "./proof-DdnQ5edt.js";
 import { n as getNodeInfo, r as parseNodeInfo, t as nodeInfoToJson } from "./types-hvL8ElAs.js";
-import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-NdVl1dI9.js";
+import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-Dq9VS_Jn.js";
 import { InProcessMessageQueue, MemoryKvStore, ParallelMessageQueue } from "./federation/mod.js";
 import "./nodeinfo/mod.js";
 import "./runtime/mod.js";

package/dist/nodeinfo/client.test.mjs

@@ -4,7 +4,7 @@ globalThis.addEventListener = () => {};
 import { t as esm_default } from "../esm-DVILvP5e.mjs";
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { a as parseProtocol, c as parseUsage, i as parseOutboundService, n as parseInboundService, o as parseServices, r as parseNodeInfo, s as parseSoftware, t as getNodeInfo } from "../client-DEpOVgY1.mjs";
+import { a as parseProtocol, c as parseUsage, i as parseOutboundService, n as parseInboundService, o as parseServices, r as parseNodeInfo, s as parseSoftware, t as getNodeInfo } from "../client-DVu6Fmom.mjs";
 import { test } from "@fedify/fixture";
 //#region src/nodeinfo/client.test.ts
 test("getNodeInfo()", async (t) => {

package/dist/nodeinfo/handler.test.mjs

@@ -4,8 +4,8 @@ globalThis.addEventListener = () => {};
 import { r as createRequestContext } from "../context-Dk_tacqz.mjs";
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { t as MemoryKvStore } from "../kv-tL2TOE9X.mjs";
-import { _ as handleNodeInfoJrd, g as handleNodeInfo, o as createFederation } from "../middleware-MrcBc-JA.mjs";
+import { t as MemoryKvStore } from "../kv-C-TG81Sv.mjs";
+import { _ as handleNodeInfoJrd, g as handleNodeInfo, o as createFederation } from "../middleware-aawr753E.mjs";
 import { test } from "@fedify/fixture";
 //#region src/nodeinfo/handler.test.ts
 test("handleNodeInfo()", async () => {

package/dist/nodeinfo/types.test.mjs

@@ -4,7 +4,7 @@ globalThis.addEventListener = () => {};
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
-import { t as nodeInfoToJson } from "../types-DCP0WLdt.mjs";
+import { t as nodeInfoToJson } from "../types-CGUnLkU3.mjs";
 import { test } from "@fedify/fixture";
 //#region src/nodeinfo/types.test.ts
 test("nodeInfoToJson()", () => {

package/dist/otel/exporter.test.mjs

@@ -3,7 +3,7 @@ import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { t as MemoryKvStore } from "../kv-tL2TOE9X.mjs";
+import { t as MemoryKvStore } from "../kv-C-TG81Sv.mjs";
 import { test } from "@fedify/fixture";
 import { SpanKind, SpanStatusCode, TraceFlags } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";

package/dist/{owner-ELkycVNn.mjs → owner-B0_w8O-Y.mjs}

@@ -1,8 +1,8 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-DJv-tEfT.mjs";
-import "./key-BdVfyalZ.mjs";
+import { n as version, t as name } from "./deno-BukNyK1t.mjs";
+import "./key-DAfSmMg7.mjs";
 import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 import { getDocumentLoader } from "@fedify/vocab-runtime";

package/dist/{proof-CdHJBGaI.mjs → proof-DDZ2W7TX.mjs}

@@ -1,8 +1,9 @@
 import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-DJv-tEfT.mjs";
-import { n as fetchKey, o as validateCryptoKey } from "./key-BdVfyalZ.mjs";
+import { n as version, t as name } from "./deno-BukNyK1t.mjs";
+import { n as fetchKey, o as validateCryptoKey } from "./key-DAfSmMg7.mjs";
+import { t as normalizePublicAudience } from "./public-audience-eovWqzOF.mjs";
 import { Activity, DataIntegrityProof, Multikey, getTypeId } from "@fedify/vocab";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";
@@ -56,11 +57,12 @@ function hasProofLike(jsonLd) {
 async function createProof(object, privateKey, keyId, { contextLoader, context, created } = {}) {
 	validateCryptoKey(privateKey, "private");
 	if (privateKey.algorithm.name !== "Ed25519") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
-	const compactMsg = await object.clone({ proofs: [] }).toJsonLd({
+	let compactMsg = await object.clone({ proofs: [] }).toJsonLd({
 		format: "compact",
 		contextLoader,
 		context
 	});
+	compactMsg = await normalizePublicAudience(compactMsg, contextLoader);
 	const msgCanon = serialize(compactMsg);
 	const encoder = new TextEncoder();
 	const msgBytes = encoder.encode(msgCanon);
@@ -155,27 +157,25 @@ async function verifyProof(jsonLd, proof, options = {}) {
 	});
 }
 async function verifyProofInternal(jsonLd, proof, options) {
-	if (typeof jsonLd !== "object" || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
+	if (typeof jsonLd !== "object" || jsonLd == null || Array.isArray(jsonLd) || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
 	const publicKeyPromise = fetchKey(proof.verificationMethodId, Multikey, options);
-	const proofCanon = serialize({
+	const proofConfig = {
 		"@context": jsonLd["@context"],
 		type: "DataIntegrityProof",
 		cryptosuite: proof.cryptosuite,
 		verificationMethod: proof.verificationMethodId.href,
 		proofPurpose: proof.proofPurpose,
 		created: proof.created.toString()
-	});
+	};
 	const encoder = new TextEncoder();
-	const proofBytes = encoder.encode(proofCanon);
+	const proofBytes = encoder.encode(serialize(proofConfig));
 	const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes);
 	const msg = { ...jsonLd };
 	if ("proof" in msg) delete msg.proof;
-	const msgCanon = serialize(msg);
-	const msgBytes = encoder.encode(msgCanon);
-	const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
-	const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength);
-	digest.set(new Uint8Array(proofDigest), 0);
-	digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+	if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"];
+	const candidates = [msg];
+	const normalized = await normalizePublicAudience(msg, options.contextLoader);
+	if (normalized !== msg) candidates.push(normalized);
 	let fetchedKey;
 	try {
 		fetchedKey = await publicKeyPromise;
@@ -204,7 +204,7 @@ async function verifyProofInternal(jsonLd, proof, options) {
 			return await verifyProof(jsonLd, proof, {
 				...options,
 				keyCache: {
-					get: () => Promise.resolve(null),
+					get: () => Promise.resolve(void 0),
 					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
 				}
 			});
@@ -215,27 +215,32 @@ async function verifyProofInternal(jsonLd, proof, options) {
 		});
 		return null;
 	}
-	if (!await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) {
-		if (fetchedKey.cached) {
-			logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
-				keyId: proof.verificationMethodId.href,
-				proof
-			});
-			return await verifyProof(jsonLd, proof, {
-				...options,
-				keyCache: {
-					get: () => Promise.resolve(void 0),
-					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
-				}
-			});
-		}
-		logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+	const digest = new Uint8Array(proofDigest.byteLength + 32);
+	digest.set(new Uint8Array(proofDigest), 0);
+	for (const candidate of candidates) {
+		const msgBytes = encoder.encode(serialize(candidate));
+		const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
+		digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+		if (await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) return publicKey;
+	}
+	if (fetchedKey.cached) {
+		logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
 			keyId: proof.verificationMethodId.href,
 			proof
 		});
-		return null;
+		return await verifyProof(jsonLd, proof, {
+			...options,
+			keyCache: {
+				get: () => Promise.resolve(void 0),
+				set: async (keyId, key) => await options.keyCache?.set(keyId, key)
+			}
+		});
 	}
-	return publicKey;
+	logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+		keyId: proof.verificationMethodId.href,
+		proof
+	});
+	return null;
 }
 /**
 * Verifies the given object.  It will verify all the proofs in the object,